<!DOCTYPE HTML>
<html lang="zh-CN">


<head>
    <meta charset="utf-8">
    <meta name="keywords" content="网络攻击与防范, 十二惊惶的gitee">
    <meta name="description" content="网络攻击与防范[TOC]
网络攻击概述
任何在非授权的情况下，试图存取信息、处理信息或破坏网络系统以使系统不可靠、不可用的故意行为都被称为网络攻击

常见网络攻击常见的网络攻击类型有：拒绝服务攻击，利用型攻击，信息收集型攻击，虚假信息型攻击">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
    <meta name="renderer" content="webkit|ie-stand|ie-comp">
    <meta name="mobile-web-app-capable" content="yes">
    <meta name="format-detection" content="telephone=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
    <meta name="referrer" content="no-referrer-when-downgrade">
    <!-- Global site tag (gtag.js) - Google Analytics -->


    <title>网络攻击与防范 | 十二惊惶的gitee</title>
    <link rel="icon" type="image/png" href="/shier_jinghuang/favicon.png">
    


    <!-- bg-cover style     -->



<link rel="stylesheet" type="text/css" href="/shier_jinghuang/libs/awesome/css/all.min.css">
<link rel="stylesheet" type="text/css" href="/shier_jinghuang/libs/materialize/materialize.min.css">
<link rel="stylesheet" type="text/css" href="/shier_jinghuang/libs/aos/aos.css">
<link rel="stylesheet" type="text/css" href="/shier_jinghuang/libs/animate/animate.min.css">
<link rel="stylesheet" type="text/css" href="/shier_jinghuang/libs/lightGallery/css/lightgallery.min.css">
<link rel="stylesheet" type="text/css" href="/shier_jinghuang/css/matery.css">
<link rel="stylesheet" type="text/css" href="/shier_jinghuang/css/my.css">
<link rel="stylesheet" type="text/css" href="/shier_jinghuang/css/dark.css" media="none" onload="if(media!='all')media='all'">




    <link rel="stylesheet" href="/shier_jinghuang/libs/tocbot/tocbot.css">
    <link rel="stylesheet" href="/shier_jinghuang/css/post.css">




    



    <script src="/shier_jinghuang/libs/jquery/jquery-3.6.0.min.js"></script>

<meta name="generator" content="Hexo 5.4.0"><link rel="alternate" href="/shier_jinghuang/atom.xml" title="十二惊惶的gitee" type="application/atom+xml">
</head>


<body>

    



<div class="bg-cover pd-header post-cover" style="background-image: url('/shier_jinghuang/medias/featureimages/20.jpg')">
    <div class="container" style="right: 0px;left: 0px;">
        <div class="row">
            <div class="col s12 m12 l12">
                <div class="brand">
                    <h1 class="description center-align post-title">网络攻击与防范</h1>
                </div>
            </div>
        </div>
    </div>
</div>




<main class="post-container content">

    
    <div class="row">
    <div id="main-content" class="col s12 m12 l9">
        <!-- 文章内容详情 -->
<div id="artDetail">
    <div class="card">
        <div class="card-content article-info">
            <div class="row tag-cate">
                <div class="col s7">
                    
                    <div class="article-tag">
                        
                            <a href="/shier_jinghuang/tags/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/">
                                <span class="chip bg-color">网络安全</span>
                            </a>
                        
                    </div>
                    
                </div>
                <div class="col s5 right-align">
                    
                    <div class="post-cate">
                        <i class="fas fa-bookmark fa-fw icon-category"></i>
                        
                            <a href="/shier_jinghuang/categories/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/" class="post-category">
                                网络安全
                            </a>
                        
                    </div>
                    
                </div>
            </div>

            <div class="post-info">
                
                <div class="post-date info-break-policy">
                    <i class="far fa-calendar-minus fa-fw"></i>发布日期:&nbsp;&nbsp;
                    2022-11-24
                </div>
                

                
                <div class="post-date info-break-policy">
                    <i class="far fa-calendar-check fa-fw"></i>更新日期:&nbsp;&nbsp;
                    2022-11-24
                </div>
                

                
                <div class="info-break-policy">
                    <i class="far fa-file-word fa-fw"></i>文章字数:&nbsp;&nbsp;
                    2.5k
                </div>
                

                
                <div class="info-break-policy">
                    <i class="far fa-clock fa-fw"></i>阅读时长:&nbsp;&nbsp;
                    8 分
                </div>
                

                
				
            </div>
        </div>
        <hr class="clearfix">

        
        <!-- 是否加载使用自带的 prismjs. -->
        <link rel="stylesheet" href="/shier_jinghuang/libs/prism/prism.min.css">
        

        

        <div class="card-content article-card-content">
            <div id="articleContent">
                <h2 id="网络攻击与防范"><a href="#网络攻击与防范" class="headerlink" title="网络攻击与防范"></a>网络攻击与防范</h2>
<h3 id="网络攻击概述"><a href="#网络攻击概述" class="headerlink" title="网络攻击概述"></a>网络攻击概述</h3><blockquote>
<p style="color:blue;">任何在非授权的情况下，试图存取信息、处理信息或破坏网络系统以使系统不可靠、不可用的故意行为都被称为网络攻击</p>
</blockquote>
<h3 id="常见网络攻击"><a href="#常见网络攻击" class="headerlink" title="常见网络攻击"></a>常见网络攻击</h3><p>常见的网络攻击类型有：拒绝服务攻击，利用型攻击，信息收集型攻击，虚假信息型攻击 </p>
<h4 id="拒绝服务型攻击"><a href="#拒绝服务型攻击" class="headerlink" title="拒绝服务型攻击"></a>拒绝服务型攻击</h4><blockquote>
<p style="color:orange;">拒绝服务攻击（Denial of Service, DoS）是利用TCP/IP协议本身的漏洞或网络中操作系统的漏洞，使被攻击主机无法响应正常用户请求的一类攻击</p>
</blockquote>
<ul>
<li>在DoS攻击中，攻击者通过加载过多的服务将系统资源耗尽，使得没有多余资源供其他用户使用。</li>
</ul>
<h5 id="分布式拒绝服务攻击"><a href="#分布式拒绝服务攻击" class="headerlink" title="分布式拒绝服务攻击:"></a>分布式拒绝服务攻击:</h5><blockquote>
<p style="color:orange;">分布式拒绝服务攻击（Distributed Denial of Service, DDoS）是一种基于DoS攻击、但形式特殊的拒绝服务攻击，采用一种分布、协作的大规模攻击方式</p>
</blockquote>
<ul>
<li>DDoS攻击是利用一批受控制的主机向一台主机发起攻击，其攻击的强度和造成的威胁要比DoS攻击严重得多</li>
</ul>
<img src="https://im-so-scared-2.gitee.io/shier_jinghuang/2022/10/30/子域名深度挖掘/分布式拒绝服务攻击.png" style="zoom: 50%;" />

<h4 id="缓冲区溢出攻击"><a href="#缓冲区溢出攻击" class="headerlink" title="缓冲区溢出攻击"></a>缓冲区溢出攻击</h4><p>缓冲区溢出攻击是一种常见且危害很大的系统攻击手段，攻击者向一个有限空间的缓冲区中复制过长的字符串，可能产生两种结果：</p>
<ol>
<li>过长的字符串覆盖了相邻的存储单元而造成程序瘫痪，甚至造成系统崩溃</li>
<li>攻击者运行恶意代码，执行任意指令，甚至获得管理员用户的权限等</li>
</ol>
<h5 id="缓冲区溢出攻击的防范"><a href="#缓冲区溢出攻击的防范" class="headerlink" title="缓冲区溢出攻击的防范"></a>缓冲区溢出攻击的防范</h5><ul>
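<li>编写正确的代码：对所有外部输入做长度检查，避免使用不检查边界的字符串复制函数</li>
<li>非执行缓冲区保护：将栈、堆等数据区域标记为不可执行，使写入缓冲区的数据无法被当作指令运行</li>
<li>数组边界检查：在每次读写数组时检查下标是否越界，从根本上阻止溢出发生</li>
<li>程序指针完整性检查：在程序指针（如函数返回地址）被引用之前检测其是否已被改写</li>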
</ul>
<h3 id="入侵检测概述"><a href="#入侵检测概述" class="headerlink" title="入侵检测概述"></a>入侵检测概述</h3><h4 id="传统安全技术的局限性"><a href="#传统安全技术的局限性" class="headerlink" title="传统安全技术的局限性"></a>传统安全技术的局限性</h4><ol>
<li><strong>传统的安全技术</strong>采用严格的访问控制和数据加密策略来防护</li>
<li>大部分损失是由内部引起的，而传统安全技术难于防内</li>
<li>传统的安全技术基本上是一种<strong>被动的防护</strong>，而如今的攻击和入侵要求我们主动地去检测、发现和排除安全隐患</li>
</ol>
<h4 id="入侵检测系统概述"><a href="#入侵检测系统概述" class="headerlink" title="入侵检测系统概述"></a>入侵检测系统概述</h4><p><strong>入侵（Intrusion）</strong></p>
<p>企图进入或滥用计算机或网络系统的行为，可能来自于网络内部的合法用户，或网络外部的非法用户</p>
<p><strong>入侵检测（Intrusion Detection）</strong></p>
<blockquote>
<p style="color:blue;">入侵检测的定义：对系统的运行状态进行监视，发现各种攻击企图、攻击行为或者攻击结果，以保证系统资源的机密性、完整性和可用性</p>
</blockquote>
<p><strong>入侵检测系统（Intrusion Detection System， IDS）</strong></p>
<blockquote>
<ul>
<li><p style="color:blue;">定义：进行入侵检测的软件与硬件的组合便是入侵检测系统</p></li>
</ul>
</blockquote>
<blockquote>
<ul>
<li><p style="color:blue;">功能：监控计算机系统或网络系统中发生的事件，根据规则进行安全审计</p></li>
<li><p style="color:orange;">通过从计算机网络或计算机系统的关键点收集信息并进行分析，从中发现网络或系统中是否有违反安全策略的行为和被攻击的迹象</p></li>
</ul>
</blockquote>
<h5 id="入侵检测相关术语"><a href="#入侵检测相关术语" class="headerlink" title="入侵检测相关术语:"></a>入侵检测相关术语:</h5><p>Promiscuous：混杂模式，即IDS网络接口可以看到网段中所有的网络通信量，不管其来源或目的地<br>Signatures：特征，即攻击的特征；Alerts：警告；Anomaly：异常；Console：控制台；Sensor：传感器，即检测引擎</p>
<h3 id="入侵检测系统"><a href="#入侵检测系统" class="headerlink" title="入侵检测系统"></a>入侵检测系统</h3><p>按系统各模块的运行方式</p>
<ol>
<li>集中式：系统的各个模块包括数据的收集分析集中在一台主机上运行</li>
<li>分布式：系统的各个模块分布在不同的计算机和设备上</li>
</ol>
<p>根据时效性</p>
<ol>
<li>脱机分析：行为发生后，对产生的数据进行分析</li>
<li>联机分析：在数据产生的同时或者发生改变时进行分析</li>
</ol>
<h5 id="基于主机的入侵检测系统"><a href="#基于主机的入侵检测系统" class="headerlink" title="基于主机的入侵检测系统"></a>基于主机的入侵检测系统</h5><p>基于主机的入侵检测系统: Host-Based IDS(HIDS)<br>系统安装在主机上面，对本主机进行安全检测</p>
<ul>
<li><p>优点</p>
<ul>
<li>审计内容全面，保护更加周密；视野集中；适用于加密及交换环境；易于用户自定义；对网络流量不敏感</li>
</ul>
</li>
<li><p>缺点</p>
<ul>
<li>额外产生的安全问题；HIDS依赖性强；如果主机数目多，代价过大；不能监控网络上的情况</li>
</ul>
</li>
</ul>
<h5 id="基于网络的入侵检测系统"><a href="#基于网络的入侵检测系统" class="headerlink" title="基于网络的入侵检测系统"></a>基于网络的入侵检测系统</h5><p>基于网络的入侵检测系统：Network-Based IDS(NIDS)</p>
<blockquote>
<p style="color:blue;">系统安装在比较重要的网段内，在共享网段上对通信数据进行侦听采集数据</p>
</blockquote>
<p>优点：检测范围广，提供对网络通用的保护；无需改变主机配置和性能，安装方便；独立性，操作系统无关性；侦测速度快； 隐蔽性好 ；较少的监测器，占资源少</p>
<p>缺点：不能检测不同网段的网络包；很难检测复杂的需要大量计算的攻击；协同工作能力弱；难以处理加密的会话 </p>
<blockquote>
<p>入侵检测系统包括三个功能部件：<strong>信息收集</strong>，<strong>信息分析</strong>，<strong>结果处理</strong></p>
</blockquote>
<h4 id="信息收集"><a href="#信息收集" class="headerlink" title="信息收集"></a>信息收集</h4><blockquote>
<p style="color:blue;">入侵检测的第一步是信息收集，收集内容包括系统、网络、数据及用户活动的状态和行为</p>
</blockquote>
<ol>
<li>尽可能扩大检测范围：需要在计算机网络系统中的若干不同关键点（不同网段和不同主机）收集信息</li>
<li>要保证用来检测网络系统的软件的完整性：特别是入侵检测系统软件本身应具有相当强的坚固性，防止被篡改而收集到错误的信息 </li>
<li>信息收集的来源：系统或网络的日志文件，网络流量，系统目录和文件的异常变化，程序执行中的异常行为</li>
</ol>
<h4 id="信息分析"><a href="#信息分析" class="headerlink" title="信息分析"></a>信息分析</h4><p>分析得到的数据，并产生分析结果</p>
<ul>
<li><strong>模式匹配</strong>：将收集到的信息与已知的网络入侵和系统误用模式数据库进行比较，从而发现违背安全策略的行为</li>
<li><strong>统计分析</strong>：首先给系统对象创建一个统计描述，统计正常使用时的一些测量属性（如访问次数、操作失败次数和延时等）。测量属性的平均值和偏差将被用来与网络、系统的行为进行比较，任何观察值在正常值范围之外时，就认为有入侵发生</li>
<li><strong>完整性分析</strong>：事后分析，主要关注某个文件或对象是否被更改</li>
</ul>
<p>入侵检测的分析方式：异常检测（Anomaly Detection），误用检测（Misuse Detection），完整性分析</p>
<h5 id="异常检测："><a href="#异常检测：" class="headerlink" title="异常检测："></a>异常检测：</h5><p>建立正常行为的特征轮廓，检查系统的运行情况</p>
<ul>
<li><p>优点</p>
<blockquote>
<p>可以检测到未知的入侵；可以检测冒用他人帐号的行为；具有自适应、自学习功能；不需要系统先验知识</p>
</blockquote>
</li>
<li><p>缺点</p>
<blockquote>
<p>漏报、误报率高；入侵者可以逐渐改变自己的行为模式来逃避检测；合法用户正常行为的突然改变也会造成误警；统计算法的计算量庞大，效率很低；统计点的选取和参考库的建立比较困难</p>
</blockquote>
</li>
</ul>
<h5 id="误用检测"><a href="#误用检测" class="headerlink" title="误用检测"></a>误用检测</h5><p>提前建立已出现的入侵行为特征，检测当前用户行为特征，模式匹配</p>
<ul>
<li>优点<ul>
<li>算法简单，系统开销小，准确率高，效率高</li>
</ul>
</li>
<li>缺点<ul>
<li>被动，只能检测出已知攻击，新类型的攻击会对系统造成很大的威胁，模式库的建立和维护难，模式库要不断更新，知识依赖于硬件平台、操作系统和系统中运行的应用程序</li>
</ul>
</li>
</ul>
<h5 id="完整性分析"><a href="#完整性分析" class="headerlink" title="完整性分析"></a>完整性分析</h5><p>通过检查系统的当前系统配置，诸如系统文件的内容或者系统表，来检查系统是否已经或者可能会遭到破坏 </p>
<ul>
<li>优点 ：不管模式匹配方法和统计分析方法能否发现入侵，只要是成功的攻击导致了文件或其它对象的任何改变，它都能够发现</li>
<li>缺点：一般以批处理方式实现，不用于实时响应</li>
</ul>
<h4 id="结果处理"><a href="#结果处理" class="headerlink" title="结果处理"></a>结果处理</h4><p>结果处理，即对分析结果作出反应。</p>
<img src="https://im-so-scared-2.gitee.io/shier_jinghuang/2022/10/30/子域名深度挖掘/入侵检测系统组成.png" style="zoom:67%;" />

<img src="https://im-so-scared-2.gitee.io/shier_jinghuang/2022/10/30/子域名深度挖掘/入侵检测引擎工作流程.png" style="zoom: 50%;" />

<center>入侵检测引擎工作流程</center>
<h4 id="IDS标准化要求"><a href="#IDS标准化要求" class="headerlink" title="IDS标准化要求"></a>IDS标准化要求</h4>

<p>目前网络的安全也要求IDS能够与访问控制、应急、入侵追踪等系统交换信息，相互协作，形成一个整体有效的安全保障系统</p>
<h5 id="CIDF"><a href="#CIDF" class="headerlink" title="CIDF"></a>CIDF</h5><p>The Common Intrusion Detection Framework, CIDF<br>CIDF是一套规范，它定义了IDS表达检测信息的标准语言以及IDS组件之间的通信协议<br>符合CIDF规范的IDS可以共享检测信息，相互通信，协同工作，还可以与其它系统配合实施统一的配置响应和恢复策略<br>CIDF的主要作用在于集成各种IDS使之协同工作，实现各IDS之间的组件重用，所以CIDF也是构建分布式IDS的基础</p>
<img src="https://im-so-scared-2.gitee.io/shier_jinghuang/2022/10/30/子域名深度挖掘/CIDF的体系结构示意图.png" style="zoom: 50%;" />

<center>CIDF的体系结构示意图</center>
<h3 id="计算机紧急响应"><a href="#计算机紧急响应" class="headerlink" title="计算机紧急响应"></a>计算机紧急响应</h3>

<blockquote>
<p>紧急响应服务能够在安全事件发生时进行紧急援助，避免造成更大的损失</p>
</blockquote>
<ul>
<li>应急响应的工作过程：准备，事件检测，抑制，根除，恢复，报告 </li>
</ul>
<h4 id="蜜罐技术"><a href="#蜜罐技术" class="headerlink" title="蜜罐技术"></a>蜜罐技术</h4><blockquote>
<p>蜜罐（HoneyPot）系统是试图将攻击从关键系统引诱开并能记录其一举一动的诱骗系统</p>
<ul>
<li>蜜罐系统不承载正常业务，合法用户没有理由访问它，因此当检测到对蜜罐系统的访问时，很可能就有攻击者闯入</li>
<li>蜜罐系统的另一个目的是诱惑攻击者在该系统上浪费时间，以延缓对真正目标的攻击</li>
</ul>
</blockquote>
<h4 id="蜜罐的功能"><a href="#蜜罐的功能" class="headerlink" title="蜜罐的功能"></a>蜜罐的功能</h4><ol>
<li>转移攻击重要系统的攻击者</li>
<li>收集攻击者活动的信息</li>
<li>希望攻击者在系统中逗留足够的时间，使管理员能对此攻击做出响应。</li>
</ol>

                
            </div>
            <hr/>

            

    <div class="reprint" id="reprint-statement">
        
            <div class="reprint__author">
                <span class="reprint-meta" style="font-weight: bold;">
                    <i class="fas fa-user">
                        文章作者:
                    </i>
                </span>
                <span class="reprint-info">
                    <a href="/shier_jinghuang/about" rel="external nofollow noreferrer">十二惊惶</a>
                </span>
            </div>
            <div class="reprint__type">
                <span class="reprint-meta" style="font-weight: bold;">
                    <i class="fas fa-link">
                        文章链接:
                    </i>
                </span>
                <span class="reprint-info">
                    <a href="https://im-so-scared-2.gitee.io/shier_jinghuang/shier_jinghuang/2022/11/24/%E7%BD%91%E7%BB%9C%E6%94%BB%E5%87%BB%E4%B8%8E%E9%98%B2%E8%8C%83/">https://im-so-scared-2.gitee.io/shier_jinghuang/shier_jinghuang/2022/11/24/%E7%BD%91%E7%BB%9C%E6%94%BB%E5%87%BB%E4%B8%8E%E9%98%B2%E8%8C%83/</a>
                </span>
            </div>
            <div class="reprint__notice">
                <span class="reprint-meta" style="font-weight: bold;">
                    <i class="fas fa-copyright">
                        版权声明:
                    </i>
                </span>
                <span class="reprint-info">
                    本博客所有文章除特别声明外，均采用
                    <a href="https://creativecommons.org/licenses/by/4.0/deed.zh" rel="external nofollow noreferrer" target="_blank">CC BY 4.0</a>
                    许可协议。转载请注明来源
                    <a href="/shier_jinghuang/about" target="_blank">十二惊惶</a>
                    !
                </span>
            </div>
        
    </div>




            
        </div>
    </div>

    

    

    

    

    

    

    

    

    


</div>



<!-- 代码块功能依赖 -->
<script type="text/javascript" src="/shier_jinghuang/libs/codeBlock/codeBlockFuction.js"></script>


  <!-- 是否加载使用自带的 prismjs. -->
  <script type="text/javascript" src="/shier_jinghuang/libs/prism/prism.min.js"></script>


<!-- 代码语言 -->

<script type="text/javascript" src="/shier_jinghuang/libs/codeBlock/codeLang.js"></script>


<!-- 代码块复制 -->

<script type="text/javascript" src="/shier_jinghuang/libs/codeBlock/codeCopy.js"></script>


<!-- 代码块收缩 -->

<script type="text/javascript" src="/shier_jinghuang/libs/codeBlock/codeShrink.js"></script>



    </div>
    <div id="toc-aside" class="expanded col l3 hide-on-med-and-down">
        <div class="toc-widget card" style="background-color: white;">
            <div class="toc-title"><i class="far fa-list-alt"></i>&nbsp;&nbsp;目录</div>
            <div id="toc-content"></div>
        </div>
    </div>
</div>


    

</main>





<!-- Empty placeholder element; presumably sized by scrollProgress.min.js (loaded further down) to show reading progress. Confirm against the theme script. -->
<div class="progress-bar"></div>


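    <!-- Search overlay. The inline script that follows listens on #searchInput and renders matches into #searchResult. -->
    <div id="searchModal" class="modal">
        <div class="modal-content">
            <div class="search-header">
                <span class="title"><i class="fas fa-search" aria-hidden="true"></i>&nbsp;&nbsp;搜索</span>
                <!-- The placeholder is not an accessible name, so aria-label supplies one without changing the layout. -->
                <input type="search" id="searchInput" name="s" placeholder="请输入搜索的关键字"
                       class="search-input" aria-label="搜索">
            </div>
            <div id="searchResult"></div>
        </div>
    </div>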

<script type="text/javascript">
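$(function () {
    /**
     * Client-side full-text search over the site's pre-generated XML index.
     *
     * Fetches the index once, then on every `input` event filters the entries so that
     * each keyword occurs in the title or the body text, and renders a result list with
     * a short excerpt in which the keywords are highlighted.
     *
     * Security: index fields and the visitor's query are treated as untrusted text.
     * Results are built from DOM nodes with `textContent`, never by concatenating
     * strings into `innerHTML`, so neither a post title nor a typed keyword can be
     * parsed as markup. Keywords are escaped before being compiled into a RegExp, so
     * characters such as `(` or `*` neither throw nor change the pattern.
     *
     * @param {string} path        URL of the XML search index.
     * @param {string} search_id   id of the search <input>.
     * @param {string} content_id  id of the element that receives the results.
     */
    var searchFunc = function (path, search_id, content_id) {
        'use strict';

        // Reduce an HTML fragment to its text. The fragment is parsed into a separate
        // document that is only read, never attached to the page. This also decodes
        // entities and copes with malformed or unterminated tags, which a
        // /<[^>]+>/ replace does not.
        var htmlToText = function (html) {
            var doc = new DOMParser().parseFromString(html, 'text/html');
            return doc.body ? (doc.body.textContent || '') : '';
        };

        // Make a keyword safe to embed in a regular expression.
        var escapeRegExp = function (text) {
            return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
        };

        $.ajax({
            url: path,
            dataType: "xml",
            success: function (xmlResponse) {
                // Normalise every index entry once, not on each keystroke.
                var datas = $("entry", xmlResponse).map(function () {
                    var url = $("url", this).text();
                    return {
                        title: $("title", this).text().trim(),
                        // assumes <content> holds HTML, as the original tag stripping implies
                        text: htmlToText($("content", this).text()).trim(),
                        // Always site-relative: the forced leading '/' also rules out
                        // scheme-based URLs such as javascript: in the result link.
                        url: url.indexOf('/') === 0 ? url : '/' + url
                    };
                }).get();

                var $input = document.getElementById(search_id);
                var $resultContent = document.getElementById(content_id);

                $input.addEventListener('input', function () {
                    // Drop the empty strings that split() yields for input such as "a-":
                    // an empty keyword would match every entry.
                    var keywords = this.value.trim().toLowerCase().split(/[\s\-]+/)
                        .filter(function (keyword) {
                            return keyword !== '';
                        });

                    $resultContent.textContent = "";
                    if (keywords.length === 0) {
                        return;
                    }

                    // One capturing group: split() then alternates plain text / match.
                    var highlighter = new RegExp('(' + keywords.map(escapeRegExp).join('|') + ')', 'gi');

                    var list = document.createElement('ul');
                    list.className = 'search-result-list';

                    // perform local searching
                    datas.forEach(function (data) {
                        var data_title = data.title.toLowerCase();
                        var data_content = data.text.toLowerCase();

                        // Only match articles with a non-empty title and body. The original
                        // skipped the keyword test for such entries but still listed them.
                        if (data_title === '' || data_content === '') {
                            return;
                        }

                        var first_occur = -1;
                        var isMatch = keywords.every(function (keyword, i) {
                            var index_title = data_title.indexOf(keyword);
                            var index_content = data_content.indexOf(keyword);
                            if (index_title < 0 && index_content < 0) {
                                return false;
                            }
                            if (i === 0) {
                                // Title-only hit: excerpt starts at the top of the text.
                                first_occur = index_content < 0 ? 0 : index_content;
                            }
                            return true;
                        });
                        if (!isMatch) {
                            return;
                        }

                        // show search results
                        var item = document.createElement('li');
                        var link = document.createElement('a');
                        link.className = 'search-result-title';
                        link.setAttribute('href', data.url);
                        link.textContent = data_title;
                        item.appendChild(link);

                        if (first_occur >= 0) {
                            // Cut out about 100 characters around the first hit. substring()
                            // takes an end index; the original substr(start, end) treated
                            // `end` as a length and returned over-long excerpts.
                            var start = Math.max(first_occur - 20, 0);
                            var end = start === 0 ? 100 : first_occur + 80;
                            end = Math.min(end, data.text.length);
                            var excerpt = data.text.substring(start, end);

                            var para = document.createElement('p');
                            para.className = 'search-result';

                            // highlight all keywords
                            excerpt.split(highlighter).forEach(function (piece, idx) {
                                if (piece === '') {
                                    return;
                                }
                                if (idx % 2 === 1) {
                                    var mark = document.createElement('em');
                                    mark.className = 'search-keyword';
                                    mark.textContent = piece;
                                    para.appendChild(mark);
                                } else {
                                    para.appendChild(document.createTextNode(piece));
                                }
                            });
                            para.appendChild(document.createTextNode('...'));
                            item.appendChild(para);
                        }

                        list.appendChild(item);
                    });

                    $resultContent.appendChild(list);
                });
            }
        });
    };

    searchFunc('/shier_jinghuang/search.xml', 'searchInput', 'searchResult');
});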
</script>

    <!-- Day / night theme: three empty star-field layers. They hold no content of their own, so presumably the theme stylesheets style them; confirm there. -->
    <div class="stars-con">
        <div id="stars"></div>
        <div id="stars2"></div>
        <div id="stars3"></div>
    </div>

<script>
    /**
     * Toggle the `DarkMode` class on <body>.
     *
     * Appends a transition overlay element, then (on the next timer tick) flips the class,
     * stores the choice in localStorage under `isDark` ('1' when dark, '0' when light) and
     * swaps the `fa-sun` / `fa-moon` class on `#sum-moon-icon`. Two seconds later the
     * overlay is faded out over one second and removed.
     */
    function switchNightMode() {
        var overlayMarkup = '<div class="Cuteen_DarkSky"><div class="Cuteen_DarkPlanet"></div></div>';
        $(overlayMarkup).appendTo($('body'));

        setTimeout(function () {
            var $body = $('body');
            var $icon = $('#sum-moon-icon');

            if ($body.hasClass('DarkMode')) {
                $body.removeClass('DarkMode');
                localStorage.setItem('isDark', '0');
                $icon.removeClass("fa-sun").addClass('fa-moon');
            } else {
                $body.addClass('DarkMode');
                localStorage.setItem('isDark', '1');
                $icon.addClass("fa-sun").removeClass('fa-moon');
            }

            // Leave the overlay up for 2 s, then fade it out and detach it.
            setTimeout(function () {
                $('.Cuteen_DarkSky').fadeOut(1e3, function () {
                    $(this).remove();
                });
            }, 2e3);
        });
    }
</script>

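    <!-- Back-to-top control. It stays an <a href="#!"> because the theme's script and styles presumably target this markup (confirm before switching to <button>). The icon-only link gets an accessible name. -->
    <div id="backTop" class="top-scroll">
        <a class="btn-floating btn-large waves-effect waves-light" href="#!" aria-label="回到顶部">
            <i class="fas fa-arrow-up" aria-hidden="true"></i>
        </a>
    </div>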


    <!-- Theme runtime libraries, all served from this site's own path (no third-party origin).
         They are classic scripts without async or defer, so they execute in document order.
         matery.js comes last, presumably because it depends on the libraries above; confirm
         before reordering or adding defer/async. -->
    <script src="/shier_jinghuang/libs/materialize/materialize.min.js"></script>
    <script src="/shier_jinghuang/libs/masonry/masonry.pkgd.min.js"></script>
    <script src="/shier_jinghuang/libs/aos/aos.js"></script>
    <script src="/shier_jinghuang/libs/scrollprogress/scrollProgress.min.js"></script>
    <script src="/shier_jinghuang/libs/lightGallery/js/lightgallery-all.min.js"></script>
    <script src="/shier_jinghuang/js/matery.js"></script>

    

    

    <!-- 雪花特效 -->
    

    <!-- 鼠标星星特效 -->
    

     
        <!-- Tencent Captcha loader, fetched from a third-party origin on every page view. It has no
             integrity attribute, so whatever that host serves runs with this page's full privileges. -->
        <script src="https://ssl.captcha.qq.com/TCaptcha.js"></script>
        <!-- Same-origin companion script; presumably binds the captcha to #TencentCaptcha (confirm). -->
        <script src="/shier_jinghuang/libs/others/TencentCaptcha.js"></script>
        <!-- NOTE(review): data-appid is the placeholder "xxxxxxxxxx" and the button is hidden, so the
             captcha looks unconfigured. If it is unused, dropping these three tags removes a
             third-party script dependency from the page. -->
        <button id="TencentCaptcha" data-appid="xxxxxxxxxx" data-cbfn="callback" type="button" hidden></button>
    

    <!-- Baidu Analytics -->

    <!-- Baidu Push -->

<script>
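    // Baidu link-submission ("push") loader: injects Baidu's script ahead of the first
    // <script> element in the document.
    //
    // The script is always requested over HTTPS. The original picked
    // http://push.zhanzhang.baidu.com/push.js when the page itself was served over HTTP;
    // a script fetched in cleartext can be replaced in transit and would then run with
    // this page's full privileges.
    // NOTE(review): assumes the HTTPS copy is equivalent to the plain-HTTP one; confirm.
    // This is third-party code with no integrity pin, so review whether the push is still needed.
    (function () {
        var bp = document.createElement('script');
        bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
        var s = document.getElementsByTagName("script")[0];
        s.parentNode.insertBefore(bp, s);
    })();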
</script>

    
    <!-- Click-effect script (same origin), loaded asynchronously. -->
    <script async src="/shier_jinghuang/libs/others/clicklove.js"></script>

    <!-- Busuanzi visit counter (same-origin copy). Presumably fills the #busuanzi_value_site_pv and
         #busuanzi_value_site_uv spans in the footer by calling a remote counting service. Confirm
         the endpoint and account for it in any Content-Security-Policy or privacy notice. -->
    <script async src="/shier_jinghuang/libs/others/busuanzi.pure.mini.js"></script>

    <!-- Tencent Tuxiaochao feedback widget (section empty in this build). -->

    <!-- instantpage.js is loaded as a module script, so it is deferred by default. -->
    <script type="module" src="/shier_jinghuang/libs/instantpage/instantpage.js"></script>
    

</body>

</html>
